From owner-freebsd-net  Mon Dec  2  6:49: 8 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4067137B401
	for <freebsd-net@freebsd.org>; Mon,  2 Dec 2002 06:49:07 -0800 (PST)
Received: from mail.sandvine.com (sandvine.com [199.243.201.138])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AD58C43E9C
	for <freebsd-net@freebsd.org>; Mon,  2 Dec 2002 06:49:06 -0800 (PST)
	(envelope-from don@sandvine.com)
Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19)
	id <XJT6J9D3>; Mon, 2 Dec 2002 09:49:05 -0500
Message-ID: <FE045D4D9F7AED4CBFF1B3B813C853370102309B@mail.sandvine.com>
From: Don Bowman <don@sandvine.com>
To: "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>
Subject: SO_DONTROUTE, arp's, ipfw fwd, etc
Date: Mon, 2 Dec 2002 09:49:03 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org


I have a setup where I have a transparent proxy using ipfw fwd (to
localhost).
Data is sent to this device using a MAC rewrite so that packets arrive with
my MAC, but the original source and destination IP.
When I receive the SYN, i accept the connection, which causes an ARP
to be emitted for the source address, and then the SYN/ACK.

Now, I would like to have my default route not be on the 'data' interface
which has the ipfw rule. It seems like this would work if:

a) the MAC address for the source address (the router which sent me
the packet) was entered into the ARP cache automatically when the SYN
was received.
b) I used SO_DONTROUTE in my proxy application.

Does anybody have any comments on that? Is there a reason that learning
ARP entries isn't done passively?

I assume that since the receive interface is cached in the syncache,
and then proxied through to the PCB, that the SO_DONTROUTE will cause
the return packets to go back through that same interface?

Is there a simpler way?

--don (don@sandvine.com www.sandvine.com)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message